Singapore’s Corporate Service Providers Act 2024 and its subsidiary legislation took effect on 9 June 2025, replacing the previous registered filing agent framework with a broader regulatory regime. The legislation extends registration and anti-money laundering obligations to a wider range of businesses providing prescribed corporate services from Singapore, including certain accounting-related activities, nominee-director arrangements and address services.
The changes require affected firms to reassess whether their activities fall within the registration framework and to strengthen their customer due diligence, beneficial ownership verification, suspicious transaction reporting and record-keeping procedures.
Impact on accounting and corporate services firms
Wider scope of activities may require CSP registration
The new regime is not limited to businesses that submit transactions to ACRA on behalf of clients. An entity may require registration where it provides prescribed corporate services from Singapore, even if it does not perform corporate filings.Activities potentially within scope include:
- forming local or foreign entities for clients;
- acting, or arranging for another person to act, as a director, nominee shareholder or company secretary by way of business;
- providing registered office, business address or correspondence address services;
- filing transactions with ACRA; and
- carrying out specified activities in connection with accounting services for the same client.
For accounting firms, the last category is particularly important. Registration may be triggered where a firm provides accounting services and also assists the same client with activities such as managing assets or bank accounts, organising capital contributions, establishing or managing legal entities, or facilitating the acquisition or disposal of businesses.
Firms should therefore assess the substance of each engagement rather than relying solely on the service description in the engagement letter.
Greater emphasis on firm-wide risk assessment
Registered CSPs must identify, assess and document their exposure to money laundering, terrorism financing and proliferation financing risks. The assessment must remain current and be available to the Registrar when requested.This is likely to require more than a generic compliance manual. Firms should be able to demonstrate how their risk assessment reflects:
- their client base;
- the jurisdictions in which clients and beneficial owners operate;
- the services provided;
- the complexity of ownership structures;
- transaction methods, including remote onboarding; and
- the use of technology or outsourced compliance providers.
Risk assessments should also be linked directly to client acceptance, ongoing monitoring and escalation procedures.
Beneficial ownership verification becomes a substantive compliance exercise
The maintenance and filing of beneficial ownership information should not be treated as an administrative process. CSPs are expected to take reasonable steps to identify and verify the individuals who ultimately own or control the client.
This may be difficult where ownership passes through multiple foreign companies, trusts or nominee arrangements. Where a firm cannot satisfactorily identify or verify the beneficial owner, it should not proceed with the service and should consider whether the circumstances warrant a suspicious transaction report.
A CSP may face regulatory consequences if information filed with ACRA is inaccurate, particularly where the firm relied on client representations despite having reasonable opportunities to verify them.
Customer due diligence must continue after onboarding
The customer due diligence (CDD) is required before a corporate service is provided, when suspicious circumstances arise, or when previously obtained information appears unreliable or inadequate.
The core procedures include identifying and verifying the customer and beneficial owner, understanding the purpose of the relationship, conducting sanctions and adverse-information screening, assigning a risk rating and monitoring the relationship on an ongoing basis. Records should generally be retained for five years.
Firms should also update client information according to the customer’s risk profile rather than collecting documents only at the start of the engagement.
Suspicious transaction reporting requires documented judgement
A firm should consider filing a suspicious transaction report where it cannot complete CDD or has reasonable grounds to suspect that assets are connected with money laundering, terrorism financing or proliferation financing.
A key audit and compliance issue is establishing when suspicion arose. Firms should retain a clear chronology showing:
- when relevant information was received;
- what enquiries were made;
- when the matter was escalated internally;
- who assessed the information;
- the basis for filing or not filing a report; and
- how tipping-off risks were managed.
Where the firm decides that apparently unusual conduct has a legitimate explanation, the reasoning should be documented. This record may be important during a regulatory inspection or subsequent investigation.
Remote onboarding requires enhanced controls
Non-face-to-face relationships present increased impersonation, document fraud and deepfake risks. For certain remote transactions, including specified incorporations and ownership or management transfers, a live video call must be conducted with an appropriate proposed director, substantial voting member or authorised representative.
Commercial identity-verification platforms and notarised documents may supplement the process but do not replace a statutory live video call where one is required. Firms should retain evidence of the call, including the participants, date, time and verification steps performed.
Nominee-director arrangements require closer scrutiny
A person generally cannot act as a nominee director by way of business unless the appointment is arranged by a registered CSP. The CSP must also assess whether the proposed nominee director is fit and proper.
Whether an arrangement is conducted “by way of business” depends on the overall facts. Relevant indicators include advertising, referrals, financial gain, repeated appointments and a degree of system or continuity. A small or nominal fee does not necessarily place the arrangement outside the legislation.
The assessment should consider the individual’s integrity, criminal and compliance history, financial standing, competence and ability to perform directors’ duties. Firms should document the searches, declarations and evidence used to support their conclusion.
Practical implementation issues
Accounting firms and corporate services providers may encounter the following challenges:
- Determining registration status: Firms may provide a combination of accounting, advisory, company-secretarial and administrative services. Assessing whether these collectively constitute regulated corporate services may require engagement-by-engagement analysis.
- Updating client acceptance systems: Existing onboarding forms may not collect sufficient information on beneficial ownership, source of funds, source of wealth, nominee arrangements, sanctions exposure and the purpose of complex structures.
- Integrating risk assessments with operations: A written enterprise risk assessment will be insufficient unless it affects client risk ratings, approval thresholds, review frequency and enhanced due diligence requirements.
- Verifying complex overseas structures: Firms may face delays obtaining documents from foreign registries, trusts, intermediate holding companies and ultimate beneficial owners.
- Managing incomplete CDD: Commercial teams may be reluctant to reject or terminate a client relationship. Policies should clearly identify when services must be withheld and who has authority to approve termination or escalation.
- Maintaining reporting access: Firms should ensure that their access to the SONAR reporting platform remains operational and that more than one authorised employee understands the filing process. Access should be tested before an urgent report is required.
- Monitoring sanctions-list updates: Automated screening tools can support compliance but do not replace professional review, escalation and documentation. Firms must also ensure that existing clients are re-screened when relevant lists change.
- Controlling outsourced compliance work: Responsibility remains with the CSP even where CDD information is obtained from another regulated professional or an external screening provider.
- Producing records promptly: Firms should maintain their own statutory and compliance records rather than relying entirely on information available through Bizfile. Systems should permit relevant records to be retrieved promptly when requested by a regulator.
Financial reporting and audit considerations
Although the CSP legislation is primarily regulatory, it may also affect financial reporting and audit engagements. Firms may need to consider:
- additional compliance expenditure, including staff, technology, screening systems and external legal advice;
- provisions or contingent liabilities arising from identified regulatory breaches;
- impairment or recoverability issues where fees are outstanding from clients whose services must be terminated;
- related-party or substance concerns involving nominee shareholders and directors;
- going-concern or fraud-risk implications where beneficial owners become uncontactable;
- whether suspected unlawful conduct triggers reporting obligations under professional standards or legislation; and
- the effect of unreliable ownership information on audit evidence, related-party identification and management integrity assessments.
Firms should remain alert where a client’s corporate structure is inconsistent with its stated commercial purpose, where ownership cannot be verified, or where unexplained funds move through the entity’s bank accounts.
Action points
Firms should undertake a structured review of their current services and compliance framework. Priority actions include:
- Map all services provided by the firm and determine which activities may require CSP registration.
- Update firm-wide ML/TF/PF risk assessments and internal policies.
- revise engagement acceptance, CDD and beneficial ownership procedures.
- Review existing nominee-director appointments and complete documented fit-and-proper assessments where required.
- Implement enhanced controls for remote onboarding and complex foreign structures.
- Test sanctions screening, internal escalation and SONAR reporting procedures.
- Train professional and administrative staff to recognise red flags and avoid tipping off clients.
- Ensure statutory, CDD and decision-making records can be produced promptly.
- Document significant professional judgements, particularly decisions not to apply enhanced measures or file an STR.
- Verify procedures against the latest legislation, ACRA guidance, sanctions requirements and STRO reporting instructions before implementation.
The expanded CSP framework significantly increases the compliance responsibilities of firms operating as corporate gatekeepers. Firms should not assume that existing procedures developed under the former filing-agent regime remain sufficient. A documented gap analysis, supported by operational testing and staff training, will be essential to demonstrate effective compliance.